Just a quick question (hopefully): for GDPR reasons I would like my Grav sites to be cookie free. I see the Form plugin uses them, however if I disable the session my forms still seem to work. They're NOT on modular pages. Can I leave them like that or am I disabling some functionality that I'm not aware of right now?

Many thanks!

GDPR allows strictly necessary cookies like session or shopping cart cookies. And these don't need informed consent.
https://gdpr.eu/cookies/ -> Strictly necessary cookies

I am aware of that. However, one of my clients wants an explicit "no we do not set any cookies" banner, and I need to be sure of what kind of cookies I am setting (or not) for that. Also I can't really claim technical necessity for a cookie whose use I do not know, can I?

Anyway it seems that on non-modular pages, forms are working fine without cookies. (-: I'd still love to hear an informed opinion on that though.

You can disable sessions from Grav and make the forms not require a token. Though that also means that there's no protection against spam, though that said, sessions do not help much either but require more complicated scripts.

Thanks for the response!